多选题Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your  company runs an Enterprise Root certification authority （CA）.     You need to ensure that only administrators can sign code.     Which two tasks should you perfo

第1题：

Your company has an Active Directory domain. You have a two-tier PKI infrastructure that  contains an offline root CA and an online issuing CA. The Enterprise certification authority is  running Windows Server 2008 R2.   You need to ensure users are able to enroll new certificates.     What should you do（）

• A、Renew the Certificate Revocation List （CRL） on the root CA . Copy the CRL to the CertEnroll folder on the issuing C
• B、Renew the Certificate Revocation List （CRL） on the issuing CA . Copy the CRL to the SystemCertificates folder in th
• C、Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
• D、Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.

第2题：

Your company has an Active Directory domain. All servers run Windows Server 2008. You deploy a Certification Authority （CA） server. You create a new global security group named CertIssuers. You need to ensure that members of the CertIssuers group can issue， approve， and revoke certificates. What should you do（）

• A、Assign the Certificate Manager role to the CertIssuers group.
• B、Place CertIssuers group in the Certificate Publisher group
• C、Run the certsrv -add CertIssuers command promt of the certificate server
• D、Run the add -member-membertype memberset CertIssuers command by using Microsoft WindowsPowershell

第3题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your  company runs an Enterprise Root certification authority （CA）.     You need to ensure that only administrators can sign code.     Which two tasks should you perform（）

• A、Publish the code signing template.
• B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only admi
• C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.
• D、Modify the security settings on the template to allow only administrators to request code signing certificates.

第4题：

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority （CA）. You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA.  What should you do？（）

• A、 Assign the user account to the CA Admin role.
• B、 Add the user account to the local Administrators group.
• C、 Grant the user the Back up files and directories user right.
• D、 Grant the user the Manage auditing and security log user right.

第5题：

Your company has an Active Directory domain. All servers run Windows Server 2008. Your company uses an ENterprise Root certification authority （CA） and an Enterprise Intermediate CA. The Enterprise intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do（）

• A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
• B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
• C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group object.
• D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

第6题：

Your company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. All client computers run Windows 7. You manage client computers by using Microsoft System Center Configuration Manager 2007 R2. You are deploying Microsoft Enterprise Desktop Virtualization (MED-V) to support client virtualization requirements. You need to ensure that administrators can centrally store MED-V logging information and generate reports. Which two actions should you perform?（）

• A、Install and configure IIS on a member server.
• B、Configure a shared folder on a member server.
• C、Install and configure Microsoft SQL Server 2008 on a member server.
• D、Configure permissions for the shared folder on a member server.

第7题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company uses an Enterprise Root certification authority （CA） and an Enterprise Intermediate CA.  The Enterprise Intermediate CA certificate expires.    You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do（）

• A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
• B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA  server.
• C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers  group policy object.
• D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy  object.

第8题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your   company uses an Enterprise Root certificate authority （CA）.    You need to ensure that revoked certificate information is highly available.    What should you do（）

• A、Implement an Online Certificate Status Protocol （OCSP） responder by using Network Load Balancing.
• B、Implement an Online Certificate Status Protocol （OCSP） responder by using an Internet Security and  Acceleration Server array.
• C、Publish the trusted certificate authorities list to the domain by using a Group Policy Object （GPO）.
• D、Create a new Group Policy Object （GPO） that allows users to trust peer certificates. Link the GPO to  the domain.

第9题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company runs an Enterprise Root certification authority （CA）.   You need to ensure that only administrators can sign code. Which two task should you perform（）

• A、Publish the code signing template.
• B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and  allow only administrators to apply the policy.
• C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted  Publishers.
• D、Modify the security settings on the template to allow only administrators to request code signing  certificates.

第10题：

Your company has an Active Directory forest that contains only Windows Server 2003 domain controllers. You need to prepare the Active Directory domain to install Windows Server 2008 domain controllers. Which two tasks should you perform（）

• A、Run the adprep /forestprep command.
• B、Run the adprep /domainprep command.
• C、Raise the forest functional level to Windows Server 2008.
• D、Raise the domain functional level to Windows Server 2008.